Initial Droplet Setup
Web services are provided by a DigitalOcean virtual machine or “droplet”: a general-purpose computer “on the cloud” that can store or run anything. The following steps should enable you to set up your own droplet, or serve as a reference when something goes wrong.
- make an account on digitalocean.com
- create a “team” organization
- create a droplet for the organization
Access
If you haven’t already, set up your local .ssh directory in your user directory
- generate a local ssh key pair with
ssh-keygen
- add the new key pair and host to your .ssh/config for ease of use
You can either add the public key to a local user using the DigitalOcean web terminal as described in the droplet access guide, or add it to your team security settings directly.
- create a new user:
adduser <new_user>
- grant super user privileges:
gpasswd -a <new_user> sudo
After confirming you can ssh into the droplet (ssh <user>@<droplet_IPv4_address>), remove remote access to the root user.
- edit the ssh config
vi /etc/ssh/sshd_config
- change the line PermitRootLogin yes to PermitRootLogin no
- reload ssh:
service ssh restart
- try connecting to your server again in a new terminal before terminating your existing connection
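A check for the root-login step above, as an added example that is not part of the original guide: sshd uses the first value it reads for each keyword, so a PermitRootLogin yes in a file read ahead of your edit leaves root login enabled. The function names and sample file contents are constructed for illustration, and Include lines are not followed.

```shell
#!/bin/sh
# Added example. sshd keeps the FIRST value it reads for each keyword, so a
# line in a file read earlier overrides a later "PermitRootLogin no".
# Assumption: pass the files in the order sshd reads them; Include lines are
# not followed, and everything after a Match line in a file is skipped.

# Print the effective global value of option $1 across the files that follow.
effective_sshd_option() {
    opt=$1; shift
    awk -v want="$opt" '
        FNR == 1      { in_match = 0 }            # new file: global scope again
        /^[ \t]*#/    { next }                    # comment
        /^[ \t]*$/    { next }                    # blank line
        { line = $0; sub(/^[ \t]+/, "", line)
          n = split(line, f, /[ \t=]+/) }         # "Key value" or "Key=value"
        tolower(f[1]) == "match" { in_match = 1; next }
        in_match      { next }
        n >= 2 && tolower(f[1]) == tolower(want) {
            print tolower(f[2]); found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$@"
}

# Succeed only when root login over SSH is effectively disabled.
root_login_disabled() {
    # OpenSSH falls back to prohibit-password when the keyword is never set.
    val=$(effective_sshd_option PermitRootLogin "$@") || val="prohibit-password"
    [ "$val" = "no" ]
}

# Constructed sample files, not taken from a real host.
demo=$(mktemp -d)
printf 'PermitRootLogin yes\n' > "$demo/10-example.conf"
printf 'PermitRootLogin no\nMatch User deploy\nPermitRootLogin yes\n' > "$demo/sshd_config"

# Drop-in read before the main file: the edit is overridden.
root_login_disabled "$demo/10-example.conf" "$demo/sshd_config" \
    || echo "root login still allowed: $(effective_sshd_option PermitRootLogin "$demo/10-example.conf" "$demo/sshd_config")"
# Main file on its own: the edit takes effect.
root_login_disabled "$demo/sshd_config" && echo "root login disabled"
rm -rf "$demo"
```

On the droplet itself, sudo sshd -T | grep -i permitrootlogin prints the value the full configuration resolves to, including any included files.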
Software
Perform system update
sudo apt-get update
sudo apt-get upgrade
Install node and npm
sudo apt-get install nodejs
sudo apt-get install npm
Install nginx
sudo apt-get install nginx
You should now see the nginx welcome page if you enter the droplet’s address into a browser
Nginx Configuration
Grant user access to edit configuration files
sudo setfacl -m u:<user>:rwx -R /etc/nginx/sites-available
You can now add and enable whichever server blocks you wish. Leave default unchanged.
Adjust a value in the root configuration; edit /etc/nginx/nginx.conf to change server_names_hash_bucket_size
...
http {
...
server_names_hash_bucket_size 64;
...
}
...
- test the syntax of your configuration:
sudo nginx -t
- restart nginx to apply configuration changes:
sudo systemctl restart nginx
Web Access
- add an A record (or CNAME for a root domain) for the subdomain you want to serve the droplet from with a value of the droplet’s IPv4 address
- you should now be able to ssh into your droplet using this address
Add an nginx server block for the configured address
server {
    root /var/www/<sitename>/html;
    index index.html;
    server_name <sitename> <alternative_sitename>;
    location / {
        # serve the requested file, fall back to the index page, otherwise 404
        try_files $uri /index.html =404;
    }
}
- add content for the block to serve at /var/www/<sitename>/html/index.html
SSL Certificates
Install certbot
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install python-certbot-nginx
Ensure that your server block is configured with the desired names, then issue certificates for them
sudo certbot --nginx -d <sitename> -d <alternative_sitename>
You should now be able to see your test file served over https in a web browser
Nginx Services Setup
I’ve set up the BCI 4 Kids droplet to serve whatever static sites with their own block configs, but also a central droplet.bci4kids.ca that will serve an arbitrary number of web services from localhost ports from paths to that domain.
Update the server block config to serve an index, custom 404 page, or a service from a specified address
server {
    root /var/www/<sitename>/html;
    error_page 404 /404.html;
    index index.html;
    server_name <sitename> <alternative_sitename>;
    # custom 404 page, reachable only through error_page
    location /404.html {
        internal;
    }
    # forward this path to a service listening on a localhost port
    location /<service_name> {
        proxy_pass http://localhost:<port>/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
Arbitrary services can then be served over local http ports, which can be easily run and managed with pm2.
sudo npm install -g pm2
pm2 start <entry_script> --name <service_name>